I think Pop!_OS is doing a great job with the full disk encryption, so my suggestion is to either making the standard parameters more sensible or giving the user the choice to change them in the installer (at least in the architect).
You propose making the weaker encryption options the default in Calamares?
Well, Calamares is made not for Manjaro only, it’s a project of its own. Feature requests need to be discussed with its developers. Here is an example for such a request:
The user wants stronger encryption, you want weaker encryption. If I understand @adriaandegroot correctly Calamares uses the default values which are the weaker ones from the Arch Wiki page. So then you actually can’t improve them for your needs.
If I were you I would have partitioned manually with a separate unencrypted boot partition. This would boot much faster. You can still do it without reinstalling.
Do you have free unecrypted disk space?
If not, how big is your UEFI partition? Do you use for dual-boot with Windows?
Issue is that grub does not utilize “those modern cpu instructions that speed up hashing and crypto”.
When calamares is generating keys with --iter-time 2000 (2 seconds) the crypto lib makes full use of all those special cpu instructions.
Now when grub does it, it is like 5 times slower because the lib it uses is not able to utilize those cpu instructions. Now you wait 10 sec. instead of 2…
Also since /boot and root fs is encrypted it needs to unlock twice…
Are they using full disk encryption though? If they do, do they have some secret patch to grub or are they using less secure encryption by default? Do you get graphical password dialog for decryption or just a black screen?
If you still have such pop!_os installation, would you mind posting the output of lsblk? I would be very interested in in implementing their solution if it solves the slow fde boot in a reasonable manner.
Just happen to come across this thread and have a pop_os install available. The typical ububu install has a graphical password dialog, but isn’t really “full disk” encryption, just the root fs and cryptswap. Pop_os itself also no longer uses grub and instead uses the systemd-bootloader with kernelstub configuration tool. It is a great user experience to be fair.
$ lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
nvme0n1 259:0 0 476.9G 0 disk
├─nvme0n1p1 259:1 0 498M 0 part /boot/efi
├─nvme0n1p2 259:2 0 4G 0 part /recovery
├─nvme0n1p3 259:3 0 468.4G 0 part
│ └─cryptdata 253:0 0 468.4G 0 crypt
│ └─data-root 253:1 0 468.4G 0 lvm /
└─nvme0n1p4 259:4 0 4G 0 part
└─cryptswap 253:2 0 4G 0 crypt [SWAP]